2c, 6b 


&) 


CONFIDENT TAL 
Approved For Release Seb aret ne : CIA-RDP87B01034R000700070010-1 


COMPARISON OF PROPOSED NSOD WITH PD-24 


a 


CHANGE 


Expands scope to include all automated 
systems including word processors. 


Expands security mission to include 
‘information affecting privacy of U.S. 
persons. 


Adds provision for the Government to 
formulate strategies and measures for 
providing protection for “systems 
which handle nongovernment informa- 
tion the loss of which could acversely 
affect the national interest or the 
rights of U.S. persons...." Explicit 
responsibilities and mechanisms to 
implement this policy are not pro- 
vided but must devolve on the DIRNSA. 


Replaces PD-24-based Nationa’ 
nications Security Commiltac w 
Steering Group and National Te 
munications an¢ Information Sy 
Security Committee (NTISSC). 


onmu~ 
tn a 
ecome 
tems 


wot 23 09 


CONSEQUENCES 


Raises questions of feasibility of 
managing consolidated effort. 


Raises questions of Executive Agent's 
and National Manager's suitability 
to represent entire Government's 
privacy interests. 


The propriety of this goal, and its 

pursuit by a military agency, are legal 
issues which should: be explored by the 
ttorney General. 


The breadth of issues covered raises 
questions of who should be represented 
on these groups, and what other organi- 
zations are affected. © 
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CHANGE 


Empowers Steering Group to approve 
“consciidated resources pregram 
and budget proposals" for national 
telecommunications and information 
systems security. 


Centralizes review of systems‘ 
security status by the Steering Group. 


NTISSC to “administer matters per- 
taining to the release of sensitive 
security information, techniques and 
materials to foreicn governments or 
international organizations (except 
in intelligence operations managed 

by the Director, Central Intelligence 
Agency) ." 


Makes SecDef Executive Agent for Auto- 
mated Systems Security as well as for 
Telecommunications Security. Expands 
his executive agent rele in cayer all 
electronic information, nol just 


®rational security" information as 
before. 


CONSEQUENCES 


Restructures budget review process for 
these areas, with significant impact 
on BCI role for NFIP and on department 
and agency head author ities to set 
priorities. 


Implies migration of accreditation 
approval responsibilities from depart- 
ments and agencies to the Steering Group, 
which would be separated from the 
environment to be accredited. 


Supersedes the DCI's £.0. 12333 authori- 
ties to prescribe policies for and 
ecordinate foreign intelligence relation- 
ships (except for DDO operations). 


Considering the rapid expansion of word 
processing, makes SecDef Executive Agent 
for all Government information 
processing. 


MCT 
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CHANGE. L. 


Secretary of Commerce out as Execu- 
tive Agent for unclassified, non- 
national security information, and 
for commercial and private sector 
information. 


Empowers SecDef to “procure for and 
provide to government agencies, and 
where appropriate, to private institu- 
tions (including Government contractors) 
and foreign governments, equipment a d 
other materials.” 


Empowers SecDef to develop and submit 

a National Telecommunications and 
Information Systems Security Program 
budget, “including funds for the pro- 
curement and provision of equipment and 
materials® Government (and contractor) 
wide. 


The DIRNSA would be responsibie for 

carrying out the foregoing responsi- 
bilities of the Secretary of Defense 
as Executive Agant. 


Empowers DIRNSA to “empirically 
examine Government telecommunications 


and automated information systems and 


eyaluate their vulnerability to hostile 


interceptions and exploitation." 


CONFIDENTIAL 


CONSEQUENCES 


Severely curtails Bureau of Standards 
role and functions. Raises question 
of legal propriety of militery respon- 
sibllity for this érea. 


GSA, and department and agency heads 
with delegated authority, would lose 
the right to procure computers and word 
processors. Centralized procurement 
would make it very difficult to meet 
schedule and individual agency require- 
ments. 


Seriously affects the budget cycle, 
department and agency head administra- 
tive prerogatives, and DCI role in NFIP. 
Raises questions of feasibility of dis- 


charging this responsibility. 


All previously itemized Seclef respon- 
sibilities may be delegated to DIRNSA. 


Shifts security accreditation responsi- 
bility for all Government and contractor 
telecommunications and information 


systems to SiRNSA. 
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CHANGE 
Empowers DIRNSA to davelop and approve 
"all standards, techniques, systems 


and equipment” “reiated to cryptog 
rapny, communications security ana 
trusted computer and automated inf 
matiocn systems." 


Empowers DIRNSA to perform al! 
Government-sponsored R&D for telecom- 
munications and information systems 


Removes PD-24 authority of heads of 
Federal departments and agencies to 
organize and conduct their commu- 
nications security and smanations 
security activities as they see fit, 
and vests this responsibility with 
the DIRNSA,. 


Empowers DIRNSA to conduct liaison 
with foreign governments and inter- 
national organizations. 


Empowers DIRNSA to conduct all 
security-related liaison with 
private institutions. 


Empowers DIRNSA to operate 
industrial facilities to provide 
“cryptographic and other sensitive 
security materials or services." 


CONSEQUENCES 


Entire Government must use DIRNSA sre 
cified standards, techniques, sisten 
and equipment. 


Eliminates such roles for CIA (ISSG and 
ORD), DOE (LLL, etc.), Bureau of 
Standards, GSA and others. 


In CIA, for example, removes OC COMSEC 
and OS ISSG missions. 


Impacts formal and informal roles of DCI, 
State Department and Commerce Department 
in many relationships. 


Removes Bureau of Standards role with 
American National Standards Institute, 
Question of legal propriety arises 
again. 


Precludes any other agencies from working 
or contracting in those areas. Could 
impact private sector research into 
security methods. 
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CHANGE 


Empowers DIRNSA to assess and dis- 
seminate information on nostile 
threats to telecomnunications and 
automated information systems. 


Requires department and agency heads | 


to provide DIRNSA all information "he 
may need to discharge the responsi- 
bilities assigned...." 


Recuires DCI to provide DIRNSA with 
“unique handling requirements associ- 
ated with the protection of sensitive 
compartmented intelligence." 


CONSEQUENCES 


Removes analysis missions from CIA and 
DIA, such as technology transfer and 
Soviet technology. 


DIRNSA specifies what he wants; others 
have to provide. 


DIRNSA free to accept, modify or reject 
requirements. Does not accurately recog- 
the DCI's statutory responsibilities and 
authorities. 
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